Splunk 4.0.4 released

Splunk has released Splunk 4.0.4, which improves an organization’s ability to manage, secure and audit its entire IT infrastructure.

Resolved general issues

  • This release contains numerous localization and internationalization fixes, extensions, and improvements.
  • Splunk now runs correctly on unpatched versions of AIX 5.2.
  • Splunk now reads tsidx files originally created in version 2.x correctly.
  • An issue related to moving data buckets from ‘cold’ state to a ‘frozen’ state has been resolved.
  • An issue with the cold-to-frozen script failing has been resolved.
  • DATETIME_CONFIG=CURRENT is now respected for files whose names include the date.
  • An error involving out of range cron values when editing a saved search has been resolved.
  • An issue with corrupted tcpout_connections messages in metrics.log has been resolved.
  • An issue with the “business_week_to_date” timerange and timezones ahead of GMT has been resolved.
  • An intermittent issue with AD LDAP auth not returning all the users when realNameAttribute = cn has been resolved.
  • Running clean globaldata now correctly deletes the files under fishbucket/db/.
  • The export eventdata command now functions correctly.
  • The interactive field extractor now correctly escapes pipes (|) in the regex.
  • An issue with sample events being overwritten in the interactive field extractor has been resolved.
  • The ‘delete’ operator now works correctly on events timestamped in the future.

Resolved Splunk Web and Manager issues

  • The timeline scale has been reinstated in Splunk Web.
  • Results are no longer sent as part of an alert email when the box is unchecked in Manager.
  • Firebug logging is less noisy.
  • Clicking through transaction results no longer breaks the search string.
  • The timerange calendar popup in Splunk Web now uses the server timezone (not the browser timezone).
  • The indexing status dashboard now includes a module with information about license usage.
  • The show source feature now works.
  • Usernames are no longer case-sensitive in Splunk Web.
  • Finalizing a search on the job status page in Manager now works immediately.
  • Default time range options now display more compactly in Splunk Web.
  • Issues with seemingly random Splunk Web timeouts have been resolved.
  • The interface for restricting TCP inputs to one host has been added back into Manager.
  • Disabling and re-enabling Splunk Web from the CLI now works correctly.
  • An occasional “Timed out waiting for splunkweb to start” issue on 32-bit Solaris has been resolved.
  • Changing the timerange on a search that has been run via a permalink no longer runs a search for.
  • The automatic source type option is no longer erroneously available in Manager for network inputs (UDP, TCP).
  • The Help link for the launcher now works in Firefox 3.5.

Resolved deployment server/client, and forwarder issues

  • Enabling SplunkForwarder, SplunkLightForwarder, SplunkDesktop no longer disables deployment server and client functionality.
  • Deployment server now deploys to NATed clients.
  • An issue with deployment clients not picking up Apps from deployment server has been resolved.
  • New versions of Apps are now correctly deployed; default.meta is correctly overwritten.
  • Deployment server now respects permissions of deployed files.
  • The “round robin” forwarder configuration now supports SSL.
  • The syslog routing forwarder configuration is now working properly.
  • The syslog routing forwarder configuration no longer appears to send an extra event to the syslog receiver (an empty line).

Resolved Windows-specific issues

  • Splunk Web no longer shuts down when a user logs out of Windows.
  • Splunk properly completes the uninstall when uninstalling on Windows 7.
  • An issue with not being able to enable just WMI inputs during a command-line install has been resolved.
  • Adding an input in Splunk Web on Windows now formats the stanza correctly in inputs.conf.
  • Windows event log events are formatted correctly when viewed in Firefox.
  • A crash on Windows related to changing Windows Event Log inputs while Security logs are being processed has been resolved.
  • Disabling Windows Event Log inputs in Manager no longer throws an exception.
  • Windows events now correctly display the “Event ID” label instead of “Event Code”.
  • A crash on Windows when removing TCP inputs using Manager has been resolved.
  • Active Directory monitoring (ADmon) now respects the targetDC value specified in admon.conf.

Resolved app and app development issues

  • The Windows App now uses summary indexing for the searches displayed on its front page. This improves performance.
  • The Windows App has been updated to remove event types and searches that are not applicable to some Windows platforms.
  • Enabling the *Nix App on a Windows host no longer throws a “There is no query runner registered” error and allows searching.
  • An issue with enabling previously disabled deployed Apps has been resolved.
  • An issue with usage of vmstat.sh in the *Nix App on Solaris 9 has been resolved.
  • Display organization of available views is now configurable the way it is for saved searches.
  • Improperly structured XML in dashboards no longer causes tracebacks.
  • Scripts that run as part of an App are now stopped when you disable the App.
